SlideShare a Scribd company logo

Weiqi and InfoSec

Download as PPTX, PDF
Chuan Lin
Chuan Lin

This document discusses the similarities between the board game Go (also known as Weiqi) and information security (InfoSec). It describes how Go components like stones, the board, and lines of defense map to InfoSec concepts like technologies, company locations, and layers of security. Stones represent both offensive and defensive tools, and the board represents a company, with intersection points as areas where networks, hardware, software, and people converge. Different board sizes correlate to company sizes, and strategic points on the board are like critical assets to protect. The document advocates viewing InfoSec defenses holistically and in depth, rather than focusing on any single area.

Technology
1 of 25
InfoSec is a weiqi board Chuan Lin, CISSP
 As Information Security (InfoSec資安) Profession, we tend to focus on a particular domain because it is happening right now and we often miss the bigger picture. • Weiqi (圍棋) is a Chinese board game of moving pieces in order to gain greater area of board. It is more popular known in the West as Japanese Go.
• Weiqi has been often used to metaphor on one’s life, business, and military conflict where one gains or loses grounds. • By observing weiqi in play, it can help us seeing our company’s Information Security in its entirety. • This is 1st of 3 part series on Weiqi/InfoSec. • This slide will focus on weiqi components and how they are similar to InfoSec World.
 Stones are playing pieces that both players take turn placing them on board. Once placed, these stones can’t be moved until it is completely surrounded by opposing pieces.  In Weiqi, black stone (黑 棋子) has the first move. "Stones go" by Chad Miller - Flickr: pente. Licensed under Creative Commons Attribution-Share Alike 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Stones_go.jpg#mediaviewer/File:Stones_go.j pg
 Black Stones in InfoSec can represent technologies, tools, social engineering, and the human component. These pieces are used in advanced persistent attacks as being dedicated, concealed, coordinated, and goal oriented. "Stones go" by Chad Miller - Flickr: pente. Licensed under Creative Commons Attribution-Share Alike 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Stones_go.jpg#mediaviewer/File:Stones_go.j pg
 White Stones (白棋子) in InfoSec are represented as administrative, physical and technical controls that are able to support each other without dissonances.  They can be firewall, RFID card, security camera, logs, guards, etc. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
 Whatever they may be, these white stones have to work in unison, to support one another. Firewall is only as good as the person who maintain it. InfoSec Profession can only be as effective as the company policy dictated. And policy can only be forceful if people and technology are backing it up. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
 Stones are placed at the intersect points on a playing board which is called goban (碁盤).  There are three goban size that corresponded the skill of the players which also corresponded to a company size. "Blank Go board" by Gringer (talk) - Originally based on File:Blank_Go_board.png, but SVG has since been manually rewritten. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Blank_Go_board.svg#mediaviewer/File:Blank _Go_board.svg
 A goban represents a company/business physical location.  These intersect points are the converging points of network, electrical, hardware, software and human presence. "Blank Go board" by Gringer (talk) - Originally based on File:Blank_Go_board.png, but SVG has since been manually rewritten. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Blank_Go_board.svg#mediaviewer/File:Blank _Go_board.svg
 A goban of 9x9 is for beginner which has 4 dots which are known as star points (星). They have strategic and tactical importance. There is a center point called Tianyuan (天元) or tengen. It is the center of heaven.
 This is similar to organization structure of a regional size company whose star points are…  These start points are area of controls which are targeted by attackers. administration HR finance IT data
 For InfoSec of a regional size company, these star points can also view as…  By maintaining a control over a star point, hacker may advance to cover more area/InfoSec may contain hacker’s movement. network software hardware employees data
 Next goban board is 13x13 and the largest board is 19x19. They represent national or international sized corporation. They have 6 to 9 star points of strategic and tactical importance in game and in real world.
 Organization structure of both national and international businesses will have additional star points which are... adminsitraton HR IT research law vendors finance core business Data
 Both national and international businesses will have additional star points which need to be consider when planning out defenses.  Even now, hackers are thinking of another venue of entrance by thinking out of the box. network hardware software location employees vendors energy Internet of things Data
 If you line up all those star points, they form into the 4th Line of Defense, the Influence Line.  This is an optima area of player to expand to all direction.  However, it is easier to expand toward the center than to the edge.
 Influence Line in InfoSec is where the threat is detected within the premise, or within the company network.  The threat has almost unlimited potential to move around because it is inside of all layer defenses.  Nonetheless, it will be harder to expand outward than inward because of same reason above. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
 If you draw a box surround all those star points, they form into the 3rd Line of Defense, the Onsite Line.  Like Influence Line, this is a potential because it can establish a link toward the outside or the inside.
 Onsite Line in InfoSec is where the threat is detected within public area of the premise, or at the 2nd firewall layer.  The threat is attempting to establish a connection between the outside and the inside. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
 If you draw a box at a point right next to the border, they form into the 2nd Line of Defense, the Failure Line.  Though line is longer than 3rd and 4th, it does not have much maneuverability.  This line is played during mid to late game.
 Failure Line in InfoSec is where the threat is detected at the public area around the premise, or at the DMZ.  If this showed up after an internal breach is detected, this may be an attempted to establish a connection. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
 If you draw a line around the border, they form into the 1st Line of Defense, the Demise Line.  This line is usually exploited in mid to late game to establish spheres of controls.
 Demise Line in InfoSec is where the threat is detected away from the premise, or at the first firewall of the company website.  The threat is far away that InfoSec has time to strengthen defenses in depth. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
 Game of Weiqi has been around for centuries. Yet, it still can provide profound insights to the 20th Century InfoSec Professional.  For hackers, their DDOS and ransomware are not made up an all powerful single identifiable majestic piece (i.e. the Queen) but consisted multitude of negligible pieces (i.e. the stones) that when synced up, it can deliver a devastating punch.  For administrators, it is not about the best tools that money can buy, but inclusive of employees, security policy, incident responses, contingency plans, and more importantly, the communication that interlocked around corporate data.
 Besides traditional entry points of network, hardware, software and physical, there are other new entry points which become apparent as a company getting larger.  These new entry points could provide the VPN for an impeding attacks that bypass layer defenses.  Layer defense strategy shouldn’t just apply to incoming attacks but also to block attacks from phoning home.  Next Weiqi/InfoSec powerpoint will focus on how the game mechanic resemble an attack.

Recommended

Security
SecuritySecurity
SecurityBob Cherry
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo...
The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo...The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo...
The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo...Thomas Burg
 
Let’s Get Cirrus About Personal Clouds
Let’s Get Cirrus About Personal CloudsLet’s Get Cirrus About Personal Clouds
Let’s Get Cirrus About Personal CloudsT.Rob Wyatt
 
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsnDEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsnFelipe Prado
 
Revisit the Three Kingdoms Issue 06
Revisit the Three Kingdoms Issue 06Revisit the Three Kingdoms Issue 06
Revisit the Three Kingdoms Issue 06Chuan Lin
 
About StarForce Technologies
About StarForce TechnologiesAbout StarForce Technologies
About StarForce TechnologiesStarForce Technologies
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 

Recommended

Security
SecuritySecurity
SecurityBob Cherry
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo...
The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo...The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo...
The Verizon 2012/2013 Data Breach Investigations Reports - Lessons Learned fo...Thomas Burg
 
Let’s Get Cirrus About Personal Clouds
Let’s Get Cirrus About Personal CloudsLet’s Get Cirrus About Personal Clouds
Let’s Get Cirrus About Personal CloudsT.Rob Wyatt
 
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsnDEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsn
DEFCON 23 - jeremy dorrough - usb attack to decrypt wifi communicationsnFelipe Prado
 
Revisit the Three Kingdoms Issue 06
Revisit the Three Kingdoms Issue 06Revisit the Three Kingdoms Issue 06
Revisit the Three Kingdoms Issue 06Chuan Lin
 
About StarForce Technologies
About StarForce TechnologiesAbout StarForce Technologies
About StarForce TechnologiesStarForce Technologies
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!wmetcalf
 
Flash security past_present_future_final_en
Flash security past_present_future_final_enFlash security past_present_future_final_en
Flash security past_present_future_final_enSunghun Kim
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imhoW Fred Seigneur
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 
Exploring Adaptive Interfaces [Generate 2017]
Exploring Adaptive Interfaces [Generate 2017]Exploring Adaptive Interfaces [Generate 2017]
Exploring Adaptive Interfaces [Generate 2017]Aaron Gustafson
 
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security SolutionsBad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security SolutionsVincent Tan
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14WMG, University of Warwick
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)Sri Prasanna
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020NSC42 Ltd
 
Android e mobile security - Falcomatà
Android e mobile security - FalcomatàAndroid e mobile security - Falcomatà
Android e mobile security - FalcomatàCodemotion
 
A (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersA (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersJohn Kinsella
 
Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)Dinis Cruz
 
Cyber security innovation imho v5
Cyber security innovation imho v5Cyber security innovation imho v5
Cyber security innovation imho v5W Fred Seigneur
 
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docx
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docxd i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docx
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docxtheodorelove43763
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Itech 1005
Itech 1005Itech 1005
Itech 1005Christina Ramirez
 
Digital spectacle by using cloud computing
Digital spectacle by using cloud computingDigital spectacle by using cloud computing
Digital spectacle by using cloud computingMandar Pathrikar
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
IT Quiz Prelims
IT Quiz PrelimsIT Quiz Prelims
IT Quiz PrelimsSonal Raj
 
大学与​信息安全​
大学与​信息安全​大学与​信息安全​
大学与​信息安全​Chuan Lin
 
黄帝内经与信安上部
黄帝内经与信安上部黄帝内经与信安上部
黄帝内经与信安上部Chuan Lin
 

More Related Content

Similar to Weiqi and InfoSec

You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!wmetcalf
 
Flash security past_present_future_final_en
Flash security past_present_future_final_enFlash security past_present_future_final_en
Flash security past_present_future_final_enSunghun Kim
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imhoW Fred Seigneur
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 
Exploring Adaptive Interfaces [Generate 2017]
Exploring Adaptive Interfaces [Generate 2017]Exploring Adaptive Interfaces [Generate 2017]
Exploring Adaptive Interfaces [Generate 2017]Aaron Gustafson
 
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security SolutionsBad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security SolutionsVincent Tan
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14WMG, University of Warwick
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)Sri Prasanna
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020NSC42 Ltd
 
Android e mobile security - Falcomatà
Android e mobile security - FalcomatàAndroid e mobile security - Falcomatà
Android e mobile security - FalcomatàCodemotion
 
A (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersA (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersJohn Kinsella
 
Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)Dinis Cruz
 
Cyber security innovation imho v5
Cyber security innovation imho v5Cyber security innovation imho v5
Cyber security innovation imho v5W Fred Seigneur
 
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docx
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docxd i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docx
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docxtheodorelove43763
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
Digital spectacle by using cloud computing
Digital spectacle by using cloud computingDigital spectacle by using cloud computing
Digital spectacle by using cloud computingMandar Pathrikar
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
IT Quiz Prelims
IT Quiz PrelimsIT Quiz Prelims
IT Quiz PrelimsSonal Raj
 

Similar to Weiqi and InfoSec (20)

You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!You Give Us The Fire We'll Give'em Hell!
You Give Us The Fire We'll Give'em Hell!
 
Flash security past_present_future_final_en
Flash security past_present_future_final_enFlash security past_present_future_final_en
Flash security past_present_future_final_en
 
Cyber security innovation imho
Cyber security innovation imhoCyber security innovation imho
Cyber security innovation imho
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
Exploring Adaptive Interfaces [Generate 2017]
Exploring Adaptive Interfaces [Generate 2017]Exploring Adaptive Interfaces [Generate 2017]
Exploring Adaptive Interfaces [Generate 2017]
 
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security SolutionsBad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Firewalls (Distributed computing)
Firewalls (Distributed computing)Firewalls (Distributed computing)
Firewalls (Distributed computing)
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
 
Android e mobile security - Falcomatà
Android e mobile security - FalcomatàAndroid e mobile security - Falcomatà
Android e mobile security - Falcomatà
 
A (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability ScannersA (fun!) Comparison of Docker Vulnerability Scanners
A (fun!) Comparison of Docker Vulnerability Scanners
 
Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)Making the case for sandbox v1.1 (SD Conference 2007)
Making the case for sandbox v1.1 (SD Conference 2007)
 
Cyber security innovation imho v5
Cyber security innovation imho v5Cyber security innovation imho v5
Cyber security innovation imho v5
 
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docx
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docxd i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docx
d i g i t a l i n v e s t i g a t i o n 6 ( 2 0 1 0 ) 9 5 – 1 .docx
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
Itech 1005
Itech 1005Itech 1005
Itech 1005
 
Digital spectacle by using cloud computing
Digital spectacle by using cloud computingDigital spectacle by using cloud computing
Digital spectacle by using cloud computing
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
 
IT Quiz Prelims
IT Quiz PrelimsIT Quiz Prelims
IT Quiz Prelims
 

More from Chuan Lin

大学与​信息安全​
大学与​信息安全​大学与​信息安全​
大学与​信息安全​Chuan Lin
 
黄帝内经与信安上部
黄帝内经与信安上部黄帝内经与信安上部
黄帝内经与信安上部Chuan Lin
 
黃帝內經與資安上部
黃帝內經與資安上部黃帝內經與資安上部
黃帝內經與資安上部Chuan Lin
 
Yellow Emperor Internal Canon on Information Security - part 1
Yellow Emperor Internal Canon on Information Security - part 1Yellow Emperor Internal Canon on Information Security - part 1
Yellow Emperor Internal Canon on Information Security - part 1Chuan Lin
 
Revisiting the Three Kingdoms, Issue 05
Revisiting the Three Kingdoms, Issue 05Revisiting the Three Kingdoms, Issue 05
Revisiting the Three Kingdoms, Issue 05Chuan Lin
 
项目资安禅 - Project Management, Information Security & Chan
项目资安禅 - Project Management, Information Security & Chan项目资安禅 - Project Management, Information Security & Chan
项目资安禅 - Project Management, Information Security & ChanChuan Lin
 
專案、資安、禪 - PMP, InfoSec and Chan
專案、資安、禪 - PMP, InfoSec and Chan專案、資安、禪 - PMP, InfoSec and Chan
專案、資安、禪 - PMP, InfoSec and ChanChuan Lin
 
PMP, InfoSec & Chan
PMP, InfoSec & ChanPMP, InfoSec & Chan
PMP, InfoSec & ChanChuan Lin
 
Revisit the Three Kingdoms issue04
Revisit the Three Kingdoms issue04Revisit the Three Kingdoms issue04
Revisit the Three Kingdoms issue04Chuan Lin
 
孙子项目管理法
孙子项目管理法孙子项目管理法
孙子项目管理法Chuan Lin
 
孫子專案管理
孫子專案管理孫子專案管理
孫子專案管理Chuan Lin
 
Sunzi's Art of PMP
Sunzi's Art of PMPSunzi's Art of PMP
Sunzi's Art of PMPChuan Lin
 
Revisit the Three Kingdoms 03
Revisit the Three Kingdoms 03Revisit the Three Kingdoms 03
Revisit the Three Kingdoms 03Chuan Lin
 
三十六社交工程计 上-简体
三十六社交工程计 上-简体三十六社交工程计 上-简体
三十六社交工程计 上-简体Chuan Lin
 
三十六社交工程計-上-繁體中文
三十六社交工程計-上-繁體中文三十六社交工程計-上-繁體中文
三十六社交工程計-上-繁體中文Chuan Lin
 
Revisit the Three Kingdoms 02
Revisit the Three Kingdoms 02Revisit the Three Kingdoms 02
Revisit the Three Kingdoms 02Chuan Lin
 
Romance of Three Kingdoms Vol1 Issue1
Romance of Three Kingdoms Vol1 Issue1Romance of Three Kingdoms Vol1 Issue1
Romance of Three Kingdoms Vol1 Issue1Chuan Lin
 
Thirty-Six Stratagems of Social Engineering, Part I
Thirty-Six Stratagems of Social Engineering, Part IThirty-Six Stratagems of Social Engineering, Part I
Thirty-Six Stratagems of Social Engineering, Part IChuan Lin
 
易经与资安 中文版
易经与资安 中文版易经与资安 中文版
易经与资安 中文版Chuan Lin
 
易經與資安-中文
易經與資安-中文易經與資安-中文
易經與資安-中文Chuan Lin
 

More from Chuan Lin (20)

大学与​信息安全​
大学与​信息安全​大学与​信息安全​
大学与​信息安全​
 
黄帝内经与信安上部
黄帝内经与信安上部黄帝内经与信安上部
黄帝内经与信安上部
 
黃帝內經與資安上部
黃帝內經與資安上部黃帝內經與資安上部
黃帝內經與資安上部
 
Yellow Emperor Internal Canon on Information Security - part 1
Yellow Emperor Internal Canon on Information Security - part 1Yellow Emperor Internal Canon on Information Security - part 1
Yellow Emperor Internal Canon on Information Security - part 1
 
Revisiting the Three Kingdoms, Issue 05
Revisiting the Three Kingdoms, Issue 05Revisiting the Three Kingdoms, Issue 05
Revisiting the Three Kingdoms, Issue 05
 
项目资安禅 - Project Management, Information Security & Chan
项目资安禅 - Project Management, Information Security & Chan项目资安禅 - Project Management, Information Security & Chan
项目资安禅 - Project Management, Information Security & Chan
 
專案、資安、禪 - PMP, InfoSec and Chan
專案、資安、禪 - PMP, InfoSec and Chan專案、資安、禪 - PMP, InfoSec and Chan
專案、資安、禪 - PMP, InfoSec and Chan
 
PMP, InfoSec & Chan
PMP, InfoSec & ChanPMP, InfoSec & Chan
PMP, InfoSec & Chan
 
Revisit the Three Kingdoms issue04
Revisit the Three Kingdoms issue04Revisit the Three Kingdoms issue04
Revisit the Three Kingdoms issue04
 
孙子项目管理法
孙子项目管理法孙子项目管理法
孙子项目管理法
 
孫子專案管理
孫子專案管理孫子專案管理
孫子專案管理
 
Sunzi's Art of PMP
Sunzi's Art of PMPSunzi's Art of PMP
Sunzi's Art of PMP
 
Revisit the Three Kingdoms 03
Revisit the Three Kingdoms 03Revisit the Three Kingdoms 03
Revisit the Three Kingdoms 03
 
三十六社交工程计 上-简体
三十六社交工程计 上-简体三十六社交工程计 上-简体
三十六社交工程计 上-简体
 
三十六社交工程計-上-繁體中文
三十六社交工程計-上-繁體中文三十六社交工程計-上-繁體中文
三十六社交工程計-上-繁體中文
 
Revisit the Three Kingdoms 02
Revisit the Three Kingdoms 02Revisit the Three Kingdoms 02
Revisit the Three Kingdoms 02
 
Romance of Three Kingdoms Vol1 Issue1
Romance of Three Kingdoms Vol1 Issue1Romance of Three Kingdoms Vol1 Issue1
Romance of Three Kingdoms Vol1 Issue1
 
Thirty-Six Stratagems of Social Engineering, Part I
Thirty-Six Stratagems of Social Engineering, Part IThirty-Six Stratagems of Social Engineering, Part I
Thirty-Six Stratagems of Social Engineering, Part I
 
易经与资安 中文版
易经与资安 中文版易经与资安 中文版
易经与资安 中文版
 
易經與資安-中文
易經與資安-中文易經與資安-中文
易經與資安-中文
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Weiqi and InfoSec

  • 1. InfoSec is a weiqi board Chuan Lin, CISSP
  • 2.  As Information Security (InfoSec資安) Profession, we tend to focus on a particular domain because it is happening right now and we often miss the bigger picture. • Weiqi (圍棋) is a Chinese board game of moving pieces in order to gain greater area of board. It is more popular known in the West as Japanese Go.
  • 3. • Weiqi has been often used to metaphor on one’s life, business, and military conflict where one gains or loses grounds. • By observing weiqi in play, it can help us seeing our company’s Information Security in its entirety. • This is 1st of 3 part series on Weiqi/InfoSec. • This slide will focus on weiqi components and how they are similar to InfoSec World.
  • 4.  Stones are playing pieces that both players take turn placing them on board. Once placed, these stones can’t be moved until it is completely surrounded by opposing pieces.  In Weiqi, black stone (黑 棋子) has the first move. "Stones go" by Chad Miller - Flickr: pente. Licensed under Creative Commons Attribution-Share Alike 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Stones_go.jpg#mediaviewer/File:Stones_go.j pg
  • 5.  Black Stones in InfoSec can represent technologies, tools, social engineering, and the human component. These pieces are used in advanced persistent attacks as being dedicated, concealed, coordinated, and goal oriented. "Stones go" by Chad Miller - Flickr: pente. Licensed under Creative Commons Attribution-Share Alike 2.0 via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Stones_go.jpg#mediaviewer/File:Stones_go.j pg
  • 6.  White Stones (白棋子) in InfoSec are represented as administrative, physical and technical controls that are able to support each other without dissonances.  They can be firewall, RFID card, security camera, logs, guards, etc. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
  • 7.  Whatever they may be, these white stones have to work in unison, to support one another. Firewall is only as good as the person who maintain it. InfoSec Profession can only be as effective as the company policy dictated. And policy can only be forceful if people and technology are backing it up. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
  • 8.  Stones are placed at the intersect points on a playing board which is called goban (碁盤).  There are three goban size that corresponded the skill of the players which also corresponded to a company size. "Blank Go board" by Gringer (talk) - Originally based on File:Blank_Go_board.png, but SVG has since been manually rewritten. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Blank_Go_board.svg#mediaviewer/File:Blank _Go_board.svg
  • 9.  A goban represents a company/business physical location.  These intersect points are the converging points of network, electrical, hardware, software and human presence. "Blank Go board" by Gringer (talk) - Originally based on File:Blank_Go_board.png, but SVG has since been manually rewritten. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Blank_Go_board.svg#mediaviewer/File:Blank _Go_board.svg
  • 10.  A goban of 9x9 is for beginner which has 4 dots which are known as star points (星). They have strategic and tactical importance. There is a center point called Tianyuan (天元) or tengen. It is the center of heaven.
  • 11.  This is similar to organization structure of a regional size company whose star points are…  These start points are area of controls which are targeted by attackers. administration HR finance IT data
  • 12.  For InfoSec of a regional size company, these star points can also view as…  By maintaining a control over a star point, hacker may advance to cover more area/InfoSec may contain hacker’s movement. network software hardware employees data
  • 13.  Next goban board is 13x13 and the largest board is 19x19. They represent national or international sized corporation. They have 6 to 9 star points of strategic and tactical importance in game and in real world.
  • 14.  Organization structure of both national and international businesses will have additional star points which are... adminsitraton HR IT research law vendors finance core business Data
  • 15.  Both national and international businesses will have additional star points which need to be consider when planning out defenses.  Even now, hackers are thinking of another venue of entrance by thinking out of the box. network hardware software location employees vendors energy Internet of things Data
  • 16.  If you line up all those star points, they form into the 4th Line of Defense, the Influence Line.  This is an optima area of player to expand to all direction.  However, it is easier to expand toward the center than to the edge.
  • 17.  Influence Line in InfoSec is where the threat is detected within the premise, or within the company network.  The threat has almost unlimited potential to move around because it is inside of all layer defenses.  Nonetheless, it will be harder to expand outward than inward because of same reason above. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
  • 18.  If you draw a box surround all those star points, they form into the 3rd Line of Defense, the Onsite Line.  Like Influence Line, this is a potential because it can establish a link toward the outside or the inside.
  • 19.  Onsite Line in InfoSec is where the threat is detected within public area of the premise, or at the 2nd firewall layer.  The threat is attempting to establish a connection between the outside and the inside. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
  • 20.  If you draw a box at a point right next to the border, they form into the 2nd Line of Defense, the Failure Line.  Though line is longer than 3rd and 4th, it does not have much maneuverability.  This line is played during mid to late game.
  • 21.  Failure Line in InfoSec is where the threat is detected at the public area around the premise, or at the DMZ.  If this showed up after an internal breach is detected, this may be an attempted to establish a connection. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
  • 22.  If you draw a line around the border, they form into the 1st Line of Defense, the Demise Line.  This line is usually exploited in mid to late game to establish spheres of controls.
  • 23.  Demise Line in InfoSec is where the threat is detected away from the premise, or at the first firewall of the company website.  The threat is far away that InfoSec has time to strengthen defenses in depth. "FloorGoban" by Goban1 - Own work. Licensed under Public domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FloorGoban.JPG#mediaviewer/File:FloorGob an.JPG
  • 24.  Game of Weiqi has been around for centuries. Yet, it still can provide profound insights to the 20th Century InfoSec Professional.  For hackers, their DDOS and ransomware are not made up an all powerful single identifiable majestic piece (i.e. the Queen) but consisted multitude of negligible pieces (i.e. the stones) that when synced up, it can deliver a devastating punch.  For administrators, it is not about the best tools that money can buy, but inclusive of employees, security policy, incident responses, contingency plans, and more importantly, the communication that interlocked around corporate data.
  • 25.  Besides traditional entry points of network, hardware, software and physical, there are other new entry points which become apparent as a company getting larger.  These new entry points could provide the VPN for an impeding attacks that bypass layer defenses.  Layer defense strategy shouldn’t just apply to incoming attacks but also to block attacks from phoning home.  Next Weiqi/InfoSec powerpoint will focus on how the game mechanic resemble an attack.